[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-8992":3},{"id":4,"name":5,"fullName":6,"owner":5,"repo":5,"description":7,"homepage":8,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":15,"stars7d":15,"stars30d":16,"stars90d":15,"forks30d":15,"starsTrendScore":15,"compositeScore":17,"rankGlobal":9,"rankLanguage":9,"license":18,"archived":19,"fork":19,"defaultBranch":20,"hasWiki":21,"hasPages":19,"topics":22,"createdAt":9,"pushedAt":9,"updatedAt":32,"readmeContent":33,"aiSummary":34,"trendingCount":15,"starSnapshotCount":15,"syncStatus":16,"lastSyncTime":35,"discoverSource":36},8992,"DeimosC2","DeimosC2\u002FDeimosC2","DeimosC2 is a Golang command and control framework for post-exploitation.","",null,"Vue",1161,167,36,18,0,2,19.68,"MIT License",false,"master",true,[23,24,25,26,27,28,29,30,31],"c2","doh","golang","hacktoberfest","https","infosec","quic","red-team","security-tools","2026-06-12 02:02:01","\n[![License: MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-yellow.svg)](https:\u002F\u002Fgithub.com\u002FDeimosC2\u002FDeimosC2\u002Fblob\u002Fmaster\u002FLICENSE)\n\n# DeimosC2\nDeimos is in: __DEPRECATED__\n\n**DeimosC2 is no longer maintained and has a known XSS vulnerability (CVE-2025-26244).**\n\n**Thanks to JaRm222 for identifying the vuln and notifying us.  His writeup of the vuln can be found [here](https:\u002F\u002Fjarm222.github.io\u002Fposts\u002FCVE-2025-26244-Writeup\u002F).**\n\nDeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that have been compromised. DeimosC2 server and agents works on, and has been tested on, Windows, Darwin, and Linux. It is entirely written in [Golang](https:\u002F\u002Fgolang.org\u002F) with a front end written in [Vue.js](https:\u002F\u002Fvuejs.org\u002F).\n\n### Listener Features\n* Each listener has it's own RSA Pub and Private key that is leveraged to wrap encrypted agent communications.\n* Dynamically generate agents on the fly\n* Graphical map of listener and agents that are tied to it\n\n### Agent Features\n* Agent list page to give high level overview\n* Agent interaction page containing info of agent, ability to run jobs against agent, filebrowser, loot data, and ability to add comments\n\n### Supported Agents\n* TCP\n* HTTPS\n* DoH (DNS over HTTPS)\n* QUIC\n* Pivot over TCP\n\n### Frontend Features\n* Multi-User support with roles of admin and user\n* Graphs and visual interaction with listeners and agents\n* Password length requirements\n* 2FA Authentication using Google MFA\n* Websocket API Calls\n\n## Getting Started and Help\nYou can download the latest [release](https:\u002F\u002Fgithub.com\u002FDeimosC2\u002FDeimosC2\u002Freleases) and view the [wiki](https:\u002F\u002Fgithub.com\u002FDeimosC2\u002FDeimosC2\u002Fwiki) for any assistance getting started or running the C2.\n\n## Submitting Issues\nWe welcome issues to be opened to help improve this project and keep it going. For bugs please use the [template](.github\u002FISSUE_TEMPLATE\u002Fbug_report.md).\n\n## Authors\n* Chase Dardaman ([@CharlesDardaman](https:\u002F\u002Ftwitter.com\u002FCharlesDardaman))\n* Quentin Rhoads-Herrera ([@paragonsec](https:\u002F\u002Ftwitter.com\u002Fparagonsec))\n* Elvira Sheina ([developeruz](https:\u002F\u002Fgithub.com\u002Fdeveloperuz))\n* Blase Brignac ([@BlaiseBrignac](https:\u002F\u002Ftwitter.com\u002FBlaiseBrignac))\n\n## Credits\nIn order to develop this we used some of the awesome work of others. Below is a list of those we either used their code or were inspired by. If we missed you please let us know so we can add your name!\n* [lsassy](https:\u002F\u002Fgithub.com\u002FHackndo\u002Flsassy) by [@HackAndDo](https:\u002F\u002Ftwitter.com\u002FHackAndDo) used for some Windows modules\n* [goDoH](https:\u002F\u002Fgithub.com\u002Fsensepost\u002FgoDoH) by [@leonjza](https:\u002F\u002Ftwitter.com\u002Fleonjza) from SensePost used for DoH\n* [BishopFox Sliver](https:\u002F\u002Fgithub.com\u002FBishopFox\u002Fsliver) used in some places as they already did a fanstastic job\n* [Merlin](https:\u002F\u002Fgithub.com\u002FNe0nd0g\u002Fmerlin) used for reflective DLLs support\n* [dgoogauth](https:\u002F\u002Fgithub.com\u002Fdgryski\u002Fdgoogauth) used for the 2FA functionality\n* [gobfuscate](https:\u002F\u002Fgithub.com\u002Funixpickle\u002Fgobfuscate) used to support agent obfuscation\n* [Stack Overflow](https:\u002F\u002Fstackoverflow.com\u002F) because isn't this how we develop now?\n* [Bad Sector Labs](https:\u002F\u002Ftwitter.com\u002Fbadsectorlabs) for their Domain Hiding technique using TLS 1.3, ESNI, and Cloudflare\n\n## Disclaimer\nThis program should only be used on environments that you own or have explicit permission to do so. Neither the authors, nor Critical Start, Inc., will be held liable for any illegal use of this program.\n","DeimosC2 是一个用于后渗透阶段的命令与控制框架。它采用Golang编写，并使用Vue.js构建前端界面，支持多种通信协议如TCP、HTTPS、DoH（DNS over HTTPS）和QUIC等，以实现对被攻陷主机的有效控制。每个监听器都拥有独立的RSA公钥和私钥来加密代理通信，同时提供动态生成代理、图形化显示监听器及关联代理等功能。此外，该工具还具备多用户支持、角色管理、双因素认证等安全特性。尽管DeimosC2现已不再维护且存在已知XSS漏洞，但其设计理念和技术实现对于信息安全研究者特别是红队成员来说仍具有一定的参考价值。","2026-06-11 03:20:42","top_language"]